Your personal data and SESAR JU website
- The SESAR JU collects your personal information only to the extent necessary to fulfill a precise purpose related to our tasks as a Joint Undertaking
- The policy on the processing of personal data by the Union institutions is based on Regulation (EC) N° 45/2001 of the European Parliament and of the Council of 18 December 2000.
- We do not reuse the information for another purpose that is different to the one stated;
- We put in place measures to guarantee that your data are kept up-to-date and processed securely;
- Under certain conditions outlined in law, we may disclose your information to third parties, (such as the European Anti-Fraud Office, the Court of Auditors, or law enforcement authorities) if it is necessary and proportionate for lawful, specific purposes;
- We will never divulge your personal data for direct marketing purposes;
- You have the right to access your personal information, to have it corrected and the right to recourse; at any time if you believe your data protection rights have been breached;
- We do not keep your personal information for longer than necessary for the purposes for which we collected it;
You can browse through the SESAR JU website without disclosing personal information, except for in cases where personal data is required for specific purposes (such as e-newsletter subscriptions, web forms and event registration).
In these cases:
- A controller determines the purposes and means of the processing of personal data and ensures the conformity with data protection rules;
- At the SESAR JU, the Data Protection Officer, monitors the compliance with the Regulation and advises controllers and data subjects on their respective responsibilities and rights;
This section lists the cookies that this website uses and describes their purpose.
You will also find some more detail here about cookies relating to our social media channels and Piwik analytics, the service we use for our statistics, including privacy measures, opting out and masking of IP addresses.
Visits to the SESAR JU website are logged. The information logs are used solely with the aim to better understand how people use the site. Analysis is performed by the Piwik analytics tool.
Hereunder more information on the cookies used on the SESAR JU website and why:
Piwik analytics cookies are used to collect information about how visitors use our site. The SESAR JU uses the information to compile reports and to help us improve the site. Cookies collect information in an anonymous form, including the number of visitors to the site, where visitors to the site come from and the pages they visit.
Piwik enables the protection of end-user personal data thanks to features such as IP address de-identification and a mechanism for users to opt-out so that their browsing is not processed for analytics purposes
By default, the browsing experience of website visitors is tracked by Piwik tool in order to produce anonymised statistics.
You may choose not to be tracked (opt-out). If you change your mind, you can choose to be tracked again (opt-in).
A banner will appear on every page of the web site, informing you of the use of coockies and giving you the possibility to opt-in or opt-out. If you choose to opt-in (and thus being tracked), you can always change you mind and opt-out on this page; Furthermore you will be asked for your consent every six months.
Please note: this feature will opt you out (or in) of cookies too. If you choose to opt-out, you will receive an opt-out cookie (piwik_ignore) so that your decision is remembered. If you regularly delete your cookies, you will need to opt-out each time you delete them.
The purpose of the SessionID cookie is to uniquely identify a user associated to the session. The cookie-related information is not used to identify you personally.
Cookies are not set by our display of social media buttons to connect to those services when our website pages are loaded on your computer (or other devices) or from components from those services embedded in our web pages.
Each social media channel has their own policy on the way they process your personal data when you access their sites.
YouTube: Some videos available on the SESAR JU website are embedded from SESAR JU’s official YouTube channel. YouTube’s privacy-enhanced mode is enabled: this means that YouTube will not set cookies for a user who views a web page that contains a privacy-enhanced YouTube embed video player, but does not click on the video to begin playback. Moreover, the application of the privacy-enhanced mode implies that YouTube will not store personally-identifiable cookie information for playbacks of embedded videos. More info available on YouTube’s embedding videos information page.
Twitter: Clicking on the Twitter icon on our website will re-direct you to the Twitter site, which has its own cookie and privacy policies over which we have no control.
LinkedIn: by clicking on the LinkedIn button on our website, you will be re-directed to the LinkedIn site, which has its own cookie and privacy policies over which we have no control;
If you have any concerns or questions about their use of your personal data, you should read their privacy policies carefully before using them.
Piwik is configured to store first-party cookies that expire after 6 months.
Piwik cookies enable the SESAR JU to track the following information about visitors. We use this information to prepare aggregated, anonymous statistics reports of visitor activity:
- IP address (masked)
- Location: country, region, city, approximate latitude and longitude (Geolocation)
- Date and time of the request (visit to the site)
- Title of the page being viewed (Page Title)
- URL of the page being viewed (Page URL)
- URL of the page that was viewed prior to the current page (Referrer URL)
- Screen resolution of user's device
- Time in local visitor's time-zone
- Files that were clicked and downloaded (Download)
- Links to an outside domain that were clicked (Outlink)
- Pages generation time (the time it takes for webpages to be generated by the webserver and then downloaded by the visitor: Page speed)
- Main language of the browser being used (Accept-Language header)
- Browser version, browser plugins (PDF, Flash, Java, …) operating system version, device identifier (User-Agent header)
- Language of the visited page
- Site Search
To improve the accuracy of the produced reports, information is also stored in a first-party cookie from our website and then collected by Piwik:
- Random unique Visitor ID
- Time of the first visit for the specific visitor
- Time of the previous visit for the specific visitor
- Number of visits for the specific visitor
- First party cookies are set by the website you’re visiting. Only that website can read them. In addition, a website might potentially use an external service to analyse how people are using their site. Piwik sets their own cookie to do this and does not use external parties. The data collected is masked and cannot be used to identify a particular visitor. They will not be shared with any other organisation for marketing, market research or commercial purposes. For persistent cookies, a random ID is generated by Piwik, which allows SESAR JU to identify when a user returns to the site. All persistent cookies have an expiration date (6 months), after which they are automatically removed from the user's device.
- Persistent cookies are saved on your computer and are not deleted automatically when you close your browser, unlike a session cookie, which is deleted when you close your browser. The SESAR JU retains full control of the data collected through first-party cookies by storing the data in servers fully controlled by the SESAR JU.
A page of SESAR JU web site contains a timeline that is built using a third party application. The _cfduid cookie from knightlab.com is necessary to render properly the timeline. It is used by the content network, Cloudfare, to identify trusted web traffic and is not used to store personal data.
How to control cookies from your browser
Most browsers automatically accept cookies. You can prevent cookies from being stored on your computer or device by changing your browser settings instructions for most frequently used browsers are given below:
Do not track preferences
Do not track is a function that allows visitors to opt out from being tracked by websites for any purpose including the use of analytics services, advertising networks and social platforms. Do not track options are available in a number of browsers including:
- If you enable do not track in your web browser, Piwik will respect your choice and you will see the following text appearing on the legal notice page (www.sesarju.eu/legal-notice) : "You are not being tracked since your browser is reporting that you do not want to. This is a setting of your browser so you won't be able to opt-in until you disable the 'Do Not Track' feature".;
- If you have enabled the do not track function, you will not be tracked. This is in addition to you opting-out of the aggregation and analysis of data for our website statistics;
- If you have not enabled the do not track option but you choose to opt-out from Piwik, your data will not be used by Piwik;
- if you have disabled all cookies from your browser, we will still collect some general data about your browsing (e.g. a record of a visitor to our website) but they will be less accurate and your visit will not be tracked (Piwik cookies are not used).
The SESAR JU relies on the external service provider flexmail.eu for the registration and management of subscriptions to its newsletter. This service provider is based in Belgium. Processing of personal data by or on behalf of the SESAR JU is compliant with Regulation (EC) No 45/2001 on the protection of individuals with regard to the processing of personal data by the European Union institutions and bodies.
The Data Protection Officer at SESAR JU
Each European Union institution or body has a Data Protection Officer (DPO).
The primary role of the DPO is to ensure that the SJU processes the personal data of its staff, customers, providers or any other data subject in compliance with Reg. 45/200, and to keep a register of all personal data processing operations carried out by data controllers in the SJU.
The role of the DPO includes:
- Providing advice and recommendations to the institution about the interpretation or application of the data protection rules;
- Ensuring data protection compliance within her institution and help the latter to be accountable in this respect.
- Handling queries or complaints on request by the institution, the controller, other person(s), or on her own initiative;
- Cooperating with the EDPS (responding to his requests about investigations, complaint handling, inspections conducted by the EDPS, etc.);
- Drawing the institution's attention to any failure to comply with the applicable data protection rules.
Who is the European Data Protection Supervisor (EDPS) and how can the EDPS help you?
The EDPS is an independent supervisory authority responsible for monitoring and ensuring the application of data protection rules by European Community institutions and bodies, including the SJU.
If you feel that your personal data are being misused by the SJU, or their processing by the SJU is otherwise not compliant with Reg. 45/2001, you should first notify the DPO for the processing in question and ask him to take action.
Your rights when we process your personal data
Everyone has the right to know that his or her personal data are being processed and for what/which purpose. As a data subject, you have the right to obtain from the data controller:
- Confirmation as to whether or not data related to you are being processed;
- Information on the purposes of processing
- Knowledge of the logic involved in any automated decision processes concerning you.
You also have the right to contact the data controller to obtain the rectification, without delay, of inaccurate or incomplete data (art. 14 of Regulation (EC) No 45/2001)
Right to object (art. 18 (a))
You have the right to object, at any time, to the processing of data relating to you except in certain cases, such as where the processing is based on a legal obligation of the data controller.
Where there is a justified objection based on legitimate grounds relating to the particular situation of the data subject, the processing in question may no longer involve those data.
Blocking (art 15)
Blocking means the freezing of personal data at a given moment for a specific period of time.
Blocked data may only be processed, with the exception of their storage, for purposes of proof, or with the data subjects’ consent, or for the protection of the right of a third party.
As a data subject, you have the right to obtain blocking of data where:
- the accuracy of your personal data is contested (b the data subject), for a period enabling the controller to verify the accuracy, including the completeness, of the data or;
- the SJU no longer needs the data for the purpose of processing;
- the processing is unlawful and you as a data subject oppose their erasure by demanding their blocking instead.
Right to erasure (art 16)
If you believe the processing of your data has been carried out unlawfully or that your rights as a data subject have been infringed, you have the right to obtain erasure of data.
What principles should be complied with by the SJU when processing personal data? (art. 4)
Personal data must be processed fairly and lawful, and only to the extent necessary to fulfill a specific and legitimate purpose. Re-use of the data for further, incompatible purpose is not permitted;
The data collected must be adequate, relevant and not excessive in relation to the purposes of the processing;
It must be kept accurate and up to date;
It should be kept no longer than necessary;
It can only be processed in accordance with the data subjects rights;
It should be stored securely;
It should not be transferred to third parties without adequate safeguards (art. 7, 8 and 9)
SJU does not transfer any data to third parties. The only third party organisations acting as processor are Piwik (for analytics data, see above), Digital Ocean (hosting the SJU web site) and 20STM (as online content contrator) that are all GDPR compliant. Neither 20STM nor Digital Ocean use personal data for any statistical or behavioural advertising.
Contact our Data Protection Officer at SJU: email@example.com